Browse files

Verify form submissions for text/plain posts too.

Some browsers can POST requests with text/plain encoding, allowing attackers to  potentially subvert the request forgery prevention.
  • Loading branch information...
NZKoz committed Nov 16, 2008
1 parent 7ce3a59 commit 099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
Showing with 1 addition and 1 deletion.
  1. +1 −1 actionpack/lib/action_controller/mime_type.rb
@@ -18,7 +18,7 @@ module Mime
# end
class Type
@@html_types = [:html, :all]
- @@unverifiable_types = [:text, :json, :csv, :xml, :rss, :atom, :yaml]
+ @@unverifiable_types = [:json, :csv, :xml, :rss, :atom, :yaml]
cattr_reader :html_types, :unverifiable_types
# A simple helper class used in parsing the accept header

0 comments on commit 099a98e

Please sign in to comment.